VPN with Qubes?

I am thinking about getting Qubes on my PC that I want to use anonymously and securely. Therefore, one of my possible options is Qubes with Whonix VM. Now, I am having the following question before I connect my PC with Qubes to the internet.

All the time before, as I used other Linux distributions with VPN (Mullvad, paid anonymously) which felt safe for me as I had kill switch on.

Should I get Mullvad on Qubes now as well before I configure Tor and access the internet? Although I would use Whonix for my internet activities, it feels weird to connect Qubes itself to the internet without VPN.

as long as you use Mullvad, you should have vpn when you connect to the internet
with tor, it depend on many thing, if you condenser that you need a vpn before connect to tor, you can

Whonix can be used without VPN (should be done in this manner). Whonix can be used with proxy and bridges. Whonix is much more anonymous than a VPN (can’t be sure enough).
So If you are not hardcore fan (you shouldn’t be in light of many popular ones failing trust of buyers) of any VPN, you are better off with them.

1 Like

I am not yet having Mullvad on it. The question was if it is recommended for privacy to set up Mullvad on Qubes itself before I enter the Whonix VM.

Yes, I don’t want to connect my Whonix VM to a VPN, but Qubes itself (if that is possible (I haven’t set it up yet)), and then enter the Whonix VM.

Hi, kindly check out my two answers to the two other people who have answered. I think it explains better what I mean.

When you use Qubes, you make use of various individual qubes. Usually
these are connected to a firewall qube - sys-firewall - which is
connected to sys-net, which holds the NIC. It’s sys-net that connects
directly to the network.
If you want to use a VPN, you can install it on a qube between
sys-firewall and sys-net. Then attach Whonix-gw to the VPN qube, and all
your Whonix traffic will go through the VPN, as well as non Tor traffic.

You should read this about mixing Tor and VPN.
It’s not recommended unless you are an advanced user who knows how to
configure both in a way that wont compromise your privacy.

I said that “all your traffic will go though the VPN”: this isn’t
strictly true because there is some traffic from sys-net, both from the
qube itself, and from Qubes system services.
You can solve this by changing global parameters to use some other
qube than sys-net for these services, and setting the firewall in sys-net
to block all outbound traffic originating from sys-net.

Welcome to Qubes.

1 Like

it is recommended

Thank you very much. I see, it’s a playfield for experts, which I am not. I might leave it as it is and just use Qubes + Whonix out of the box, and always Tor browser. I think this way I’ll have a great amount of privacy/anonymity, right?

1 Like

it difficult to answer without knowledge about privacy, in most time (threat model) it enough